ti: MT H THNG THANH TON IN T DA TRN H GIAO THC iKP
Sinh vin thc hin : Phm Quang Tun Lp 46PM2 Gio vin hng dn : Th.S. V Vit Hng
H NI, THNG 1/2006 n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
2
MC LC
Phn I: L THUYT V THANH TON IN T .............................. 4 1.1. Gii thiu chung v thng mi in t .......................................................... 4 1.1.1. Khi nim v thng mi in t ................................................................. 4 1.1.2. Thng mi in t - li ch cho doanh nghip ........................................... 4 1.1.3. Cc vn trong thng mi in t ........................................................... 6 1.2. Gii thiu chung v thanh ton in t ............................................................ 9 1.2.1. Khi nim v thanh ton in t .................................................................. 9 1.2.2. Li ch ca thanh ton in t .................................................................... 10 1.2.3. ng dng thanh ton in t ...................................................................... 11 1.2.4. Cc vn trong thanh ton in t Vit Nam ....................................... 12 1.3. Tng quan v thanh ton th tn dng ............................................................ 12 1.3.1. Ngun gc ca th thanh ton .................................................................... 12 1.3.2. Khi nim v th thanh ton ....................................................................... 13 1.3.3. Phn loi th thanh ton ............................................................................. 13 1.4. Tng quan v l thuyt mt m ..................................................................... 15 1.4.1. Khi nim v mt m .................................................................................. 15 1.4.2. Cc loi mt m .......................................................................................... 15 1.4.2.1. M ho quy c ...................................................................................... 15 1.4.2.2. M ho kho cng khai ........................................................................... 16 1.4.2.3. Thut ton m ha RSA .......................................................................... 16 1.4.3. Cc thut ton hm bm v ch k in t ................................................ 17 1.4.3.1. Cc thut ton hm bm .......................................................................... 17 1.4.3.2. Ch k in t ........................................................................................ 18 1.4.3.3. M hnh ch k in t RSA .................................................................. 19 Phn II: M HNH GII PHP THANH TON IN T ................ 20 2.1. Tng quan giao thc iKP ............................................................................... 20 2.1.1. Lch s hnh thnh h giao thc iKP ............................................................. 20 2.1.2. Cc khi nim trong h giao thc iKP ........................................................... 20 2.1.2.1. Khi nim v Party ...................................................................................... 20 2.1.2.2. Cc yu cu ca Party ................................................................................. 22 2.2. Giao thc 1KP ................................................................................................... 25 2.2.1. Gii thiu ........................................................................................................ 25 2.2.2. nh ngha cc thng ip.............................................................................. 25 n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
3 2.2.3. C ch giao thc ............................................................................................ 26 2.3. Giao thc 2KP ................................................................................................... 28 2.3.1. Gii thiu ........................................................................................................ 28 2.3.2. nh ngha cc thng ip.............................................................................. 28 2.3.3. C ch giao thc ............................................................................................ 28 2.4. Giao thc 3KP ................................................................................................... 30 2.4.1. Gii thiu ........................................................................................................ 30 2.4.2. nh ngha cc thng ip.............................................................................. 30 2.4.3. C ch giao thc ............................................................................................ 30 Phn III: NG DNG .............................................................................. 33 3.1. t vn ......................................................................................................... 33 3.2. Phn tch ............................................................................................................ 33 3.2.1. Bi ton ......................................................................................................... 33 3.2.2. Ni dung ......................................................................................................... 33 3.2.2. Yu cu ........................................................................................................... 34 3.2.2. Phn tch yu cu ........................................................................................... 36 3.3. Thit k .............................................................................................................. 36 3.3.1. Thit k chc nng (Usecase) ........................................................................ 36 3.3.2. Thit k m hnh ng (diagram)................................................................... 42 3.3.3. Thit k c s d liu ..................................................................................... 46 3.4. Lp trnh ............................................................................................................ 50 3.4.1. Tng quan v cng ngh WebServices .......................................................... 50 3.4.2. Ci t cc Services ....................................................................................... 51 3.4.3. M hnh ng dng ca h thng .................................................................... 52 3.4.4. Giao din chnh ca h thng ng dng ......................................................... 52 Phn IV: KT LUN ............................................................................... 55 4.1. nh gi kt qu t c ................................................................................. 55 4.2. Nhng vn thiu st v cch khc phc ...................................................... 56 4.3. Hng pht trin tng lai ................................................................................ 56 n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
4 Phn I: L THUYT V THANH TON IN T 1.1. Gii thiu chung v thng mi in t 1.1.1. Khi nim v thng mi in t Thng mi in t l g ? Thng mi in t (e-commerce) ch vic thc hin nhng giao dch thng mi da trn cc cng c in t (electronic) m c th l mng Internet v WWW (World Wide Web - tc nhng trang web hay website). V d: vic trng by hnh nh hng ha, thng tin v doanh nghip trn website cng l mt phn ca Thng mi in t, hay lin lc vi khch hngqua email, tm kim khch hngthng qua vic tm kim thng tin trn mng Internet v.v... [6]. C nhiu cp thc hin Thng mi in t. cp c bn, doanh nghip c th ch c website trng by thng tin, hnh nh, tm kim khch hng qua mng, lin h vi khch hng qua email . cp cao hn th doanh nghip c th thc hin mt s giao dch trn mng nh cho khch hng t hng thng t trn mng, qun l thng tin khch hng, n hng bng c s d liu t ng trn mng, c th x l thanh ton qua mng bng th tn dng v.v... 1.1.2. Thng mi in t - li ch cho doanh nghip Li ch ca thng mi in t l g ? Trong bi cnh hi nhp kinh t ton cu nh hin nay, vic tn dng mi li th, khai thc, ng dng nhng Cng ngh mi tin hnh kinh doanh c hiu qu l mc tiu m mi Doanh nghip lun hng ti, v nhiu Doanh nghip thnh cng trn Th gii khng nh rng Thng mi in t l mt cng c hu hiu gip h hn ch nhng tr ngi v pht huy tim nng c th ng vng trong mi trng cnh tranh khc lit mang tnh ton cu, v c th khng nh tnh tt yu ca vic pht trin thng mi in t cng nh nhng li ch to ln m n em li. Vy nhng li ch m Thng Mi in T s mang li l g ? Qung b thng tin v tip th cho mt th trng ton cu vi chi ph cc thp: ch vi vi chc -la M mi thng, doanh nghip c th a thng tin qung co ca mnh n vi vi trm triu ngi xem t cc ni trn th gii. y l iu m ch c Thng Mi in T lm c cho doanh nghip. Th so snh vi mt qung co trn bo Tui Tr vi vi triu c gi, mi ln qung co doanh nghip phi tr t nht 50 -la M, cn nu doanh nghip c mt website ca mnh, doanh nghip c th qung co thng tin 24 gi mi ngy, 7 ngy mi tun, v lng c gi ca doanh nghip l hng trm triu ngi t mi ni trn th gii. Chi n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
5 ph cho website ca doanh nghip mi thng c tnh (kinh t nht) l: 5 -la M chi ph lu tr trc tuyn (hosting), 10-20 -la M tr cho chi ph qung co (lit k a ch web ca doanh nghip trn mt dng danh b doanh nghip in t. D nhin, y ch l chi ph ti thiu cho website ca doanh nghip. Nu doanh nghip c kh nng ti chnh, doanh nghip c th thu qung co vi chi ph cao hn mong qung co tt hn. Dch v tt hn cho khch hng: vi Thng Mi in T, doanh nghip c th cung cp catalogue, brochure, thng tin, bng bo gi cho i tng khch hng mt cch cc k nhanh chng, doanh nghip c th to iu kin cho khch hng mua hng trc tip t trn mng v.v Ni tm li, Thng Mi in T mang li cho doanh nghip cc cng c lm hi lng khch hng, bi trong thi i ngy nay, yu t thi gian thc s l vng bc, khng ai c kin nhn phi ch i thng tin trong vi ngy. Hn na, ngy nay cht lng dch v v thi phc v l nhng yu t rt quan trng trong vic tm v gi khch hng. Nu doanh nghip khng x l yu cu thng tin ca i tng quan tm mt cch nhanh chng, h s khng kin nhn ch i, trong khi c bit bao i th cnh tranh ang sn n h. Tng doanh thu: vi Thng Mi in T, i tng khch hng ca doanh nghip gi y khng cn b gii hn v mt a l, hay thi gian lm vic. Doanh nghip khng ch c th bn hng cho c dn trong thnh ph ca doanh nghip, m doanh nghip cn c th bn hng trong ton b Vit Nam hoc cc nc khc. Doanh nghip khng ngi ch khch hng t tm n vi doanh nghip m doanh nghip ang tch cc v ch ng i tm khch hng cho mnh. V th, chc chn rng s lng khch hng ca doanh nghip s tng ln ng k dn n doanh thu nhy vt. l iu m doanh nghip no cng m c. Tuy nhin, cng xin nhc li vi doanh nghip rng cht lng v gi c sn phm hay dch v ca doanh nghip phi tt, nu khng, Thng Mi in T cng khng gip g c cho doanh nghip. Gim chi ph hot ng: vi Thng mi in t, doanh nghip khng phi tn km nhiu cho vic thu ca hng, mt bng, ng o nhn vin phc v, v cng khng cn phi u t nhiu cho kho cha... Ch cn khong 10 triu ng xy dng mt website bn hng qua mng, sau chi ph vn hnh website mi thng khng qu mt triu ng. Nu website ca doanh nghip ch l trng by thng tin, hnh nh sn phm, doanh nghip tit kim c chi ph in n brochure, catalogue v c chi ph gi bu in nhng n phm ny. V c bit nu doanh nghip doanh n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
6 nghip lm hng xut khu, doanh nghip c th ngi nh v tm kim khch hng qua mng, khng cn phi tn km nhiu cho nhng chuyn ch thn xut ngoi. Li th cnh tranh: vic kinh doanh trn mng l mt sn chi cho s sng to, ni y, doanh nghip tha h p dng nhng tng hay nht, mi nht v dch v h tr, chin lc tip th v.v V mt khi tt c cc i th cnh tranh ca doanh nghip u p dng Thng Mi in T, th phn thng s thuc v ai sng to hay nht to ra nt c trng cho doanh nghip, sn phm, dch v ca mnh c th thu ht v gi c khch hng. Vi nhng li ch to ln thng mi in t tng bc khng nh th mnh ca mnh. C th khng nh rng thng mi in t ang tr thanh xu hng pht trin tt yu ti Vit Nam trong tng lai. Tt nhin cc nc pht trin trn th gii th giao dch thng mi in t tr thnh ph bin hng chc nm nay. Nh vy s pht trin mnh m ca thng mi in t c pht sinh nhng vn g ? Hay ni cch khc nhng vn trong thng mi in t hin nay ca Vit Nam l g ?.
1.1.3. Cc vn trong thng mi in t
Cc vn trong thng mi in t l g ? Thc t cho thy Internet vn ang to ra v s c hi pht trin kinh doanh cho nhng khu vc t li th c th tham gia vo cc giao dch ton cu m khng cn phi bn tm nhiu v chi ph... Lm sao c th tn dng Internet m rng th trng, tm thm c hi cho sn phm, dch v ca mnh tr thnh iu m cc doanh nhn, doanh nghip Vit Nam khng th khng quan tm. D nhn thc v thng mi in t c nhiu chuyn bin tch cc v c mt s Website nh: tienphong-vdc.com.vn, nynaflowers.com, goodsonlines.com... thc hin kh thnh cng khu bn hng qua mng, song Vit Nam vn cha c thng mi in t theo ng ngha ca khi nim ny...Vy u l nhng hn ch ca thng mi in t Vit Nam ?. Cc chuyn gia v lnh vc thng mi in t nhn nhn nhng l do sau: Web thng mi in t - t c v lng ln sc hp dn Cc s liu thng k v s trang Web Vit Nam hin nay cha chnh xc. Theo trang www.vietnamwebsite.net, tnh n thng 6/2003, danh b Website Vit n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
7 Nam m trang Web ny bin tp c l khong hn 6.500 v con s ny c th cn ln hn th. Tuy nhin nu phn loi theo ngnh ngh th ch c khong 3.400 Website ca doanh nghip. Tr i s doanh nghip c nhiu hn mt Website v tnh trn tng s doanh nghip ang hot ng (khong 70.000) th c khong 5% doanh nghip c Website trn mng. Cn nu dng cng c tm kim Google vi t kha gi hng - c trng ca cc trang Web thng mi in t - th ch c th tm c 81 a ch, b nhng a ch b trng lp th ch cn khong hn 50 Website c xy dng theo m hnh thng mi in t. Kho st k hn cc trang web trong s 50 Website ny th ch c khong hn 20 a ch c kh nng thu ht khch hng qua mng, s cn li gn nh ch trng by sn phm, t chu cp nht thng tin. Mc d bn hng ha v dch v qua mng ch l mt trong s nhng hot ng ca thng mi in t v khng phi cc Web thng mi in t u phi c hot ng ny song nhn chung, cc Website Vit Nam hin nay thng thiu thng tin, thiu cp nht v cha sn sng cho thng mi in t. Mt trong nhng nguyn nhn vn c xem nh l do chnh khin cc trang Web thng mi in t Vit Nam cha pht huy hiu qu l s ngi s dng Internet cn qu thp. iu cha cho php hy vng v s thnh cng v pht trin ca thng mi in t trong tng lai gn. ng L Trung Ngha - Gim c Cng ty c phn phn mm, thng mi in t Nht Vinh - nhn nh: Hot ng ca cc doanh nghip ang pht trin thng mi in t hin nay vn cn d dt v cha thc hin mt chu trnh thng mi in t v cn thiu nhng iu kin cn nh c s php l, h tng bo mt, thanh ton trc tuyn...". Cha c c s php l chnh thc, ang ch lnh Theo ng Nguyn Thanh Hng - Trng ban Cng ngh thng tin v Thng mi in t, B Thng mi (c quan ch tr vic xy dng Php lnh thng mi in t), cc bn d tho ca Php lnh ang trong giai on hon thnh v s trnh Chnh ph vo cui nm nay. Ni cch khc, vic ra i ca hnh lang php l cho thng mi in t l iu tt yu, vn ch l thi gian, l sm hay mun. Php lnh thng mi in t mi c ban hnh v Chnh ph cn phi trnh y ban Thng v Quc hi xem xt... Sau khi c php lnh, c l s tip tc phi ch cc ngh nh, thng t hng dn thi hnh. Cha c Php lnh thng mi in t, nhiu web thng mi in t khng cam kt cng chng yu cu khch hng cam kt v trch nhim i vi n hng n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
8 t. C nhng trang Web trng by sn phm kh p mt, nhng khng bn hng bi hng th ca ch doanh nghip b gim xt v ch Php lnh ra i. Vi vai tr l Trng Ban son tho Php lnh thng mi in t, Th trng B Thng mi L Danh Vnh nhn nh: "Nu cn c vo trnh pht trin chung ca h tng c s v cng ngh thng tin v bu chnh vin thng cng nh s lng ngi kt ni Internet v s ngi s dng my tnh th vic ng dng v pht trin thng mi in t nc ta mi ang giai on u". Th trng tha nhn, 3 vn quan trng nht i vi thng mi in t Vit Nam l ch k in t, thanh ton in t v vn bo mt, an ton trong thng mi in t. X l c cc vn ny th vic gii quyt kin tng, tranh chp hp ng... nu c s d dng hn. Thanh ton, bo mt, chng thc cng ang trng thi ch i Khu thanh ton trc tuyn hin cng ang l bi ton kh gii vi tt c cc Website thng mi in t Vit Nam. C th tm thy trn nhiu trang Web bn hng qua mng dng ch: Do c th thanh ton ti Vit Nam nn chng Em cha th trin khai vic thanh ton qua mng, hoc Hng s c gi n Qu khch ngay khi chng em nhn c thanh ton. V cha ai nh chun thanh ton cho cc giao dch trn mng, nn cc Website thng mi in t thng t xc nh phng thc thanh ton ring, ph hp vi mnh. Th tc thanh ton thng phi thm nhiu bc: xc nhn li n t hng bng fax, e-mail, in thoi, sau ch khch hng chuyn tin qua bu in ri mi thc hin giao hng. iu khin bn mua ngi ti vi thng mi in t, cn bn bn th khng tin lm vo li ch ca vic bn hng qua mng. Thanh ton trc tuyn i hi ngi bn phi c mt ti khon chp nhn thanh ton th ti ngn hng no (Merchant Account) v thu mt nh cung cp dch v thanh ton th (Payment Gateway), cn ngi mua phi c th tn dng. Th nhng, do c pha ngi bn v ngi mua (qua mng Internet) u cha sn sng, vic s dng th cha thnh thi quen trong thanh ton nn cc n lc khai thc Internet ang dng li mc tip th v qung co cho thng mi truyn thng. Ti Vit Nam, cha c ngn hng hoc t chc no cung cp dch v merchant account mc d nhu cu s dng dch v ny ca cc website Vit Nam ang tng nhanh. khc phc hn ch ny, cc Website Vit Nam ch c th s dng dch v ca mt s ngn hng hoc t chc nc ngoi d rng chi ph kh cao. Hoc lm theo cch ca chipchip.com hay bancanbiet.com: cho khch hng to mt ti khon theo kiu tr n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
9 tin trc ngay trn Website, sau khi khch hng np tin vo ti khon ny, bn bn s tr dn tin trong ti khon y khi khch ng k mua hng. Thng mi in t gn lin vi nhng giao dch trc tuyn, cc bn tham gia phi cung cp nhng thng tin nhy cm nh: s th tn dng, password (mt khu), d liu ti chnh hoc cc d liu cn c bo v tt thng qua Website cung cp dch v. V vy, bo mt l iu khng th thiu. Th nhng, vn bo mt cha c cc doanh nghip hng ti thng mi in t quan tm. Bo mt cho h thng mng my tnh cn phi quan tm nhiu hn cn v s quy ph ca hacker vt ra khi ranh gii ca th tiu khin. Theo mt hacker: Phn ln ch Website hoc qun tr mng ca cc h thng kinh doanh in t Vit Nam khng quan tm n bo mt, h khng ngh rng ch mt lnh DOS (t chi dch v) n gin hoc nhng can thip v ni dung c th gy tc hi ln cho chuyn kinh doanh ca h. C th trc mt, khi phn ln cc Website thng mi in t Vit Nam cha thc hin giao dch trc tuyn th bo mt cha tht s quan trng, nhng v lu di, khi cc giao dch thng mi in t tr thnh xu th tt yu th nu t quan tm s rt kh tr b t bo v mnh. l cha k, nu mun pht trin nhanh v mnh, vic cung cp hng ha, dch v buc phi hng ti th trng bn ngoi Vit Nam. Cng v cha c quy phm no v bo mt nn ng L Trung Ngha tm s: Cng ngh thc hin chng thc in t kh n gin, cng ty no cng c th lm song khng c quy nh v chun chung th gii php bo mt s ri vo tnh trng ging nh b m cho ting Vit: thiu s tng thch gia cc gii php. 1.2. Gii thiu chung v thanh ton in t 1.2.1. Khi nim v thanh ton in t Thanh ton in t l g ? Thanh ton l mt khu khng th thiu trong bt k mt phin giao dch thng mi no. Vy chng ta hiu thanh ton in t l g ? Thanh ton in t l vic ngn hng thc hin thanh ton theo yu cu ca khch hng m ti khon tin gi ti ngn hng, thng qua vic khch hng chuyn ti ngn hng phc v mnh yu cu thanh ton qua mng my tnh. Qu trnh thanh ton in t l qu trnh thit lp, tip nhn, x l mt lnh chi qua mng my tnh, k t khi ngn hng nhn c lnh chi ca khch hng n khi hon tt vic thanh ton cho ngi nhn .[6] n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
10 Hay ni cch khc, thanh ton in t l cc hnh thc thanh ton tin hnh thng qua mi trng Internet. Thng qua h thng thanh ton in t, thu bao Internet c th tin hnh cc hot ng thanh ton, chi tr, chuyn tin v.v... Thng thng h thng thanh ton in t c lin kt vi mng thanh ton ring ca ngn hng hay cc mng chuyn thanh ton khc nh mng thanh ton th c iu hnh bi t chc Visa v MasterCard. Thng qua h thng thanh ton in t, thu bao Internet c th tin hnh thanh ton bng cc phng tin sn c ca h nh th tn dng hay thanh ton trc tip trn ti khon ca h ti ngn hng. Thanh ton in t khng ch gii hn trong hot ng thanh ton gia c nhn v ngn hng, c nhn vi doanh nghip hay doanh nghip vi ngn hng m n cn cho php tin hnh thanh ton gia cc ngn hng. H thng thanh ton in t cung cp dch v thanh ton cho thu bao Internet t Internet tin hnh thanh ton vo mng ring ca ngn hng. Cc h thng thanh ton in t ng vai tr mt cng gia Internet v mng ngn hng. Cng ny s nhn cc yu cu thanh ton t Internet sau chuyn i khun dng d liu t dng TCP/IP sang dng d liu s dng trong mng ngn hng. Thng tin sau khi chun i s c gi n my ch trong mng ngn hng tin hnh s l thanh ton. Thng tin phn hi t my ch trn mng ngn hng gi ra Internet cng c cng bin i tng t. 1.2.2. Li ch ca thanh ton in t Trong th gii kinh doanh, c rt nhiu phng php thanh ton khc nhau: khch hng c th tr tin mt, tr bng sc hoc dng th tn dng. Trong ni dung ca n ny ngi vit n s cp n nhng li ch ca vic thanh ton bng th tn dng. y chnh l hnh thc thanh ton d nht p dng trc tuyn. V cng xin ni thm rng giao thc thanh ton in t iKP c pht trin da trn m hnh thanh ton th tn dng, mc d giao thc iKP ca IBM a ra vi tham vng c th p dng cho mi m hnh thanh ton ph bin hin nay nhng m hnh thanh ton da trn th tn dng l hng m giao thc iKP mun hng ti. Nh vy khch hng v doanh nghip s c c thun li g nu chp nhn thanh ton bng th tn dng : Th nht: Thanh ton bng th tn dng lun to iu kin thun li cho khch hng. Khng phi vit sc hay vit vo mu n t hng, cho vo phong b ri gi i v cng khng cn phi gi in. Khch hng c th t hng 24 ting mt ngy, 7 ngy mt tun, ch cn dng th tn dng, nhp s ri nhn chut vo cc biu tng l c th hon thanh giao dch thanh ton . n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
11 Th hai: Thanh ton bng th tn dng l hnh thc thanh ton tt nht, c uy tn nht hin nay v n chng t hot ng kinh doanh ca doanh nghip mang tnh chuyn nghip cao. Th ba: Khi chp nhn thanh ton bng th tn dng, khch hng c th t hng trc v thanh ton sau. T khu t hng cho n lc sn phm ng gi, vn chuyn u c thc hin nhanh chng. Nu khch hng t hng v thanh ton qua ng bu in hoc fax h s gi sc ri phi i gia hn sc v sau mi gi hng. Nh vy s gy ra s bt tin, v mt nhiu thi gian hon thanh giao dch thanh ton.. Th t: Khi kinh doanh trn Internet, i tng khch hng ca doanh nghip c th l ton cu, m nh chng ta bit khch hng cc nc pht trin thng thanh ton bng th tn dng khi mua hng. Do vic mt doanh nghip khng chp nhn thanh ton bng th tn dng cng c ngha l doanh nghip t chi bn hng. Khch hng s khng mua hng khi h thy mua bn khng thun tin bi v h c th d dng tm thy nh cung cp khc. Cn Vit Nam, mc d hin nay phng php thanh ton bng th tn dng cn cha ph bin nhng nu doanh nghip c k hoch kinh doanh trn mng v c cc chin lc thu ht khch hng trn ton th gii th doanh nghip nn chp nhn thanh ton bng th tn dng. V cn nhiu li ch khc... 1.2.3. ng dng thanh ton in t Thanh ton in t c ng dng cho hai lnh vc chnh: Cc h thng thanh ton thun tu v cc h thng thanh ton l mt phn ca h thng thng mi in t. H thng thanh ton thun tu (c xem nh dch v ngn hng ti nh) Dch v ny cho php ngi dng ti nh s dng my tnh c nhn kt ni Internet truy xut thng tin v ti khon ca khch hng ti ngn hng. Quan trng hn na l dch v ny cho php ngi dng s dng cc dch v thanh ton, chuyn tin v.v... ca ngn hng ti ngay my tnh c nhn ca mnh. Li th ca nhm dch v ny l n mang li s tin dng cho khch hng: Thay v phi n ngn hng thanh ton, ngi dng gi y c th ngi ti nh m vn s dng c c dch v ca ngn hng. H thng thng mi in t s dng thanh ton in t. H thng thng mi in t cung cp dc v bn hng, giao dch trn mi trng Internet. Qu trnh mua hng gm cc bc: Ngi mua hng ng nhp vo siu th o, chn mua hng v tin hnh thanh ton. Trong qu n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
12 trnh thanh ton c lin kt n h thng thanh ton in t. S dng trong thng mi in t ngi mua hng thng chp nhn thanh ton th, l hnh thc thanh ton c an ton cao.
Thanh ton in t m rng phm vi phc v khch hng ca ngnh ngn hng, mang li nhng tin nghi nh ngn hng ti nh cho ngi dng. Thanh ton in t cng ang dn chim u th trong lnh vc thanh ton lin ngn hng. Ngn hng c xu hng thay nhng lin kt mng ring lin ngn hng bng lin kt qua Internet c th gim chi ph giao dch, hp dn khch hng v chi ph v tin nghi s dng dch v ngn hng. Thanh ton in t cng l mt gii php cho cc ngn hng cha c h thng thanh ton lin ngn hng. 1.2.4. Cc vn trong thanh ton in t Vit Nam Hin nay Vit Nam c th ni cha c h thng thanh ton in t mang ng ngha ca n, cng nh cc ngn hng nc ta cha c h thng thanh ton lin ngn hng. Gn y, s ni ln ca cc ngn hng, doanh nghip i hi p dng h thng thanh ton in t m ra mt tng lai ti sng cho thng mi in t Vit Nam. Tiu biu l VNEMART - Sn giao dch Thng mi in t u tin ca Vit Nam c trin khai h thng thanh ton in t nh du mt bc pht trin mi. Tuy nhin khi m hnh lang php l v thng mi in t cha hon thin th vn trin khai h thng thanh ton in t kh c th tr thnh hin thc. y tc gi vit n cng xin gii thiu thm mt s thng tin v sn giao dch Thng mi in t VNEMART : VNEMART vi bc khi u gian nan ti thng mi in t chnh thc khai trng vo ngy 23/4/2003. y l d n do Phng Thng mi v Cng nghip Vit Nam (VCCI) cng Cng ty in ton v Truyn S liu (VDC) v Ngn hng Cng thng Vit Nam (ICB) phi hp trin khai. Sau gn 2 nm thai nghn, s ra i ca VNEMART so vi th gii c v mun mn nhng m ra c hi giao thng cho cc doanh nghip Vit Nam xut khu hng ho, tm kim i tc v bn hng trn th trng th gii. . Khi cc iu kin php l ca Vit Nam hon thin hn, cc doanh nghip c th k kt hp ng v thanh ton ngay qua mng. Nh vy c th ni tr ngi ln nht ca Thanh ton in t Vit Nam l hng lang php l. Thng mi in t Vit Nam cn mt c s lut pht trin, v y cng chnh l vn sng cn ca thanh ton in t nc ta hin nay. Thanh ton in t vn ang l mt thch thc. 1.3. Tng quan v thanh ton th tn dng 1.3.1. Ngun gc ca th thanh ton n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
13 Phng php thanh ton bng th ra i kh sm do ng Frank Mc Namara, mt doanh nhn ngi M, pht minh vo nm 1949. Nhng tm th thanh ton u tin c tn l Diners Club th hin nhng u vit vit tri so vi cc phng php thanh ton truyn thng. y l phng php c nhiu ha hn trong tng li, mt phng php thanh ton kiu mi phng php thanh ton bng th, c bit l th tn dng (Credit Card ). Trc khi tm hiu v phng php thanh ton kiu mi ny, chng ta hy tm hiu v khi nim th thanh ton, c nhng phng php thanh ton bng th no ? 1.3.2. Khi nim v th thanh ton i vi th thanh ton c nhiu khi nim din t n, mi mt cch din t nhm lm ni bt mt ni dung no . Sau y l mt s khi nim v th thanh ton: Th thanh ton (th chi tr) l mt phng tin thanh ton tin mua hng ho, dch v hoc c th c dng rt tin mt ti cc Ngn hng i l hoc cc my rt tin t ng. Th thanh ton l mt loi th giao dch ti chnh c pht hnh bi Ngn hng, cc T chc ti chnh hay cc cng ty. Th thanh ton l mt phng tin thanh ton khng dng tin mt m ngi ch th c th s dng rt tin mt hoc thanh ton tin mua hng ho, dch v ti cc im chp nhn thanh ton bng th. Th thanh ton l phng thc ghi s nhng s tin cn thanh ton thng qua my c th phi hp vi h thng mng my tnh kt ni gia Ngn hng/T chc ti chnh vi cc im thanh ton (Merchant). N cho php thc hin thanh ton nhanh chng, thun li v an ton i vi cc thnh phn tham gia thanh ton. Tm li: cc cch din t trn u phn nh ln y l mt phng thc thanh ton m ngi s hu th c th dng thanh ton tin mua hng ho dch v hay rt tin mt t ng thng qua my c th hay cc my rt tin t ng. 1.3.3. Phn loi th thanh ton C nhiu cch phn loi th thanh ton: phn loi theo cng ngh sn xut, theo ch th pht hnh, theo tnh cht thanh ton ca th, theo phm vi lnh th... Phn loi theo cng ngh sn xut Theo cch phn loi ny s c 3 loi: n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
14 Th khc ch ni (EmbossingCard): da trn cng ngh khc ch ni, tm th u tin c sn xut theo cng ngh ny. Hin nay ngi ta khng cn s dng loi th ny na v k thut qu th s d b gi mo. Th bng t (Magnetic stripe): da trn k thut th tn vi hai bng t cha thng tin ng sau mt th. Th ny c s dng ph bin trong 20 nm qua , nhng bc l mt s nhc im: do thng tin ghi trn th khng t m ho c, th ch mang thng tin c nh, khng gian cha d liu t, khng p dng c k thut m ho, bo mt thng tin... Th thng minh (Smart Card): y l th h mi nht ca th thanh ton, th c cu trc hon ton nh mt my vi tnh.
Phn loi theo tnh cht thanh ton ca th Th tn dng (Credit Card): l loi th c s dng ph bin nht, theo ngi ch th c php s dng mt hn mc tn dng khng phi tr li mua sm hng ho, dch v ti nhng c s kinh doanh, khch sn, sn bay ... chp nhn loi th ny. Gi y l th tn dng v ch th c ng trc mt hn mc tiu dng m khng phi tr tin ngay, ch thanh ton sau mt k hn nht nh. Cng t c im trn m ngi ta cn gi th tn dng l th ghi n hon hiu (delayed debit card) hay chm tr. Th ghi n (Debit card): y l loi th c quan h trc tip v gn lin vi ti khon tin gi. Loi th ny khi c s dng mua hng ho hay dch v, gi tr nhng giao dch s c khu tr ngay lp tc vo ti khon ca ch th thng qua nhng thit b in t t ti ca hng, khch sn ... ng thi chuyn ngn ngay lp tc vo ti khon ca ca hng, khch sn... Th ghi n cn hay c s dng rt tin mt ti my rt tin t ng. Th ghi n khng c hn mc tn dng v n ph thuc vo s d hin hu trn ti khon ca ch th. C hai loi th ghi n c bn: - Th online: l loi th m gi tr nhng giao dch c khu tr ngay lp tc vo ti khon ch th. - Th offline: l loi th m gi tr nhng giao dch cc khu tr vo ti khon ch th sau vi ngy. Th rt tin mt (Cash card): l loi th rt tin mt ti cc my rt tin t ng hoc ngn hng. Vi chc nng chuyn bit ch dng rt tin, yu cu t ra i vi loi th ny l ch th phi k qu tin gi vo ti khon ngn hng hoc ch th c cp tn dng thu chi mi s dng c. n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
15 Th rt tin mt c hai loi: - Loi 1: ch rt tin ti nhng my t ng ca Ngn hng pht hnh. - Loi 2: c s dng rt tin khng ch Ngn hng pht hnh m cn c s dng rt tin cc Ngn hng cng tham gia t chc thanh ton vi Ngn hng pht hnh th.
Phn loi theo phm vi lnh th Th trong nc: l th c gii hn trong phm vi mt quc gia, do vy ng tin giao dch phi l ng bn t ca nc . Th quc t: y l loi th c chp nhn trn ton th gii, s dng cc ngoi t mnh thanh ton.
Phn loi theo ch th pht hnh Th do Ngn hng pht hnh (Bank Card): l loi th do ngn hng pht hnh gip cho khch hng s dng mt s tin do Ngn hng cp tn dng. Th do t chc phi ngn hng pht hnh: l loi th du lch v gii tr ca cc tp on kinh doanh ln hoc cc cng ty xng du ln, cc ca hiu ln... pht hnh nh Diner's Club, Amex...
1.4. Tng quan v l thuyt mt m 1.4.1. Khi nim v mt m Mt m hc l nghnh khoa hoch ng dng vo vic m bo an ton thng tin. Mt m hc gi vai tr quan trng v c nhiu ng dng trong i sng x hi t lnh vc an ninh qun s , n cc lnh vc dn s nh kinh t, ngn hng, thng mi i tng nghin cu chnh ca mt m hc l cc k thut m ha v bo mt thng tin. 1.4.2. Cc loi mt m 1.4.2.1. M ho quy c M ho quy c (hay cn gi l m ho i xng ) l h thng m ho s dng cng mt kho gi l kho b mt (secret key/ symetric key) thc hin m ho hay gii m thng tin. Vic bo mt thng tin tu thuc vo vic bo mt kho b mt Phng php m ho quy c DES c a vo s dng nm 1977 khng cn c xem l an ton khi tc tnh ton ca cc b vi x l ngy cng tng n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
16 nhanh chng . Do n khng c p dng cho cc ng dng i hi an ton v bo mt thng tin cao nh cc h thng thanh ton in t, h thng ngn hng in t khc phc yu im , thng 10/2000, Vin tiu chun v cng ngh Hoa K NIST cng b chun m ho m rng AES v quyt nh chn thut ton Rijndael lm phng php m ho quy c i din cho AES. Tuy nhin phng php m ha quy c vn l phng php m ha c in, khng em li s tin cy cao ca phng php m ha kha cng khai mt phng php m ha ca mt m hin i. 1.4.2.2. M ho kho cng khai M ha kha cng khai ( hay cn gi l m ha bt i xng ) l h thng m ha s dng mt cp kha m ha v gii m thng tin. Mt kha c cng b rng ri ( kha cng khai public key ) m ha thng tin, mt kha c gi b mt ( kha b mt secret key ) gii m thng tin. Li ch ln nht ca m ha kha cng khai chnh l gip ngi s dng trnh c cc ri ro khi trao i kha. Mt h thng m ha kha cng khai bao gm : Diffie Hellman (Whitfield Martin Hellman ), RSA ( Rivest Shamir Adleman ), Elgamal (Tahel Elgamal ), DSA ( David Kravitz ) v ECC ( Neal koblitz Victor Miller ). Trong s RSA c s dng rng ri nht bi s thuyt phc v tnh an ton bo mt thng tin rt cao. cng chnh l l do m ngi vit n la chn thut ton m ha RSA thc hin vic m ha thng tin. Tuy nhin, nhc im ln nht nhc im ln nht ca RSA l tc x l thng tin chm, gy tr ngi cho cc h thng ng dng, nht l cc h thng ng dng chy trn mi trng mng vn d c coi l mi trng truyn thng c tc ra. M ha kha cng khai l nn tng ca nhiu ng dng bo mt c ngha quan trng trong i sng x hi nh : ch k in t, chng nhn in t, an ton trong truyn d liu trn mng ( giao thc SSL). Trong khun kh ca n ny ngi vit n khng th a ra y chi tit v cc thut ton m ha quy c v cc thut ton m ha kha cng khai. y, ngi vit n ch trnh by nhng vn c bn ca thut ton m ha v sinh ch k s RSA mt thut ton c p dng xy dng h thng ng dng ca n. 1.4.2.3. Thut ton m ha RSA Thut ton m ha RSA l mt thut ton m ha kha cng khai ph bin hin nay trn th gii. RSA c xem l phng php an ton v c kh nng ng dng rng ri trong cc lnh vc . Da vo nn tng l thuyt v phn tch tha s nguyn t ca s nguyn ln, thut ton RSA c p dng vo m hnh m ha, m n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
17 hnh truyn nhn kha v m hnh sinh ch k in t. Phng php m ha RSA i hi mi thc th s hu mt cp kha cng khai kha ring s dng cho tt c cc m hnh m ha Qu trnh to kha cng khai : To ngu nhin hai gi tr s nguyn t ln khc nhau p v p. Tnh gi tr n = p * q v (n) = (p-1)(q-1). Chn s m cng khai e (1 < e < (n)) nguyn t cng nhau vi (n). Tnh s m b mt d sao cho e*d 1(mod (n)). Gi tr kha cng khai chnh l cp (n,e).Gi tr kha ring l d. Trong : n RSA modules e S m m ha ( encryption exponent) d S m gii m ( decryption exponent) Nu h thng RSA s dng s n c chiu di l k bit th c gi l h thng RSA k-bit
Qu trnh m ha d liu : Gi (n,e) l kha cng khai, d l kha ring ca ngi nhn B. Ngi gi A c nhu cu m ha v gi thng ip m cho ngi nhn B. Qua trnh m ha din ra nh sau : A nhn gi tr kha cng khai ca B Biu din thng ip m di dng mt s nguyn trong khong [0..n-1]. Nu thng ip m qu di, chia m thnh tng khi c kch thc ph hp m ha. Tnh gi tr c = m e mod n A chuyn thng ip m ha c cho B. Qu trnh gii m d liu : B nhn thng ip c m ha. S dng kha ring d tnh gi tr m = c d mod n.
1.4.3. Cc thut ton hm bm v ch k in t 1.4.3.1. Cc thut ton hm bm Hm bm l hm ton hc chuyn i mt thng ip c di bt k thnh mt dy bit c di c nh ( di c nh ph thuc vo tng thut ton bm ). Dy bit ny cn c gi l message digest (thng ip rt gn) i din cho thng n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
18 ip ban u. Hm bm l mt hm mt chiu ( one-way function ) do rt kh c th ly li thng ip ban u t message digest. Cc thut ton ny cho php xc nh tnh ton vn d liu ca thng ip: mi thay i d l nh nht ca thng ip u cho kt qu thng ip rt gn khc nhau. Tnh cht ny hu ch ny trong vic pht sinh, kim tra ch k in t, on m chng nhn thng ip v pht sinh s ngu nhin. Hm bm l nn tng ca nhiu ng dng m ha. C nhiu thut ton thc hin hm bm, trong s SHA-1 v MD5 l c s dng ph bin v ng tin cy. Trong phn xy dng ng dng, ngi vit n la chn thut ton MD5 bm mnh d liu truyn trn mng. 1.4.3.2. Ch k in t Mt trong cc li im chnh ca m ha kha cng khai l cung cp mt phng php to ch k in t. i vi vn bn trn giy, ngi dng c th dng ch k tay xc nhn ni dung v ngun gc ca thng tin trong vn bn. Tuy nhin i vi vn bn in t rt d dng sa ni dung thng tin m khng li du vt. Nh vo vic p dng cc tnh cht ca m ha kha cng khai, ch k in t ra i p ng nhu cu xc thc ni dung thng tin ca vn bn in t. Ch k in t l mt chui s nh phn c kh nng xc thc ngun gc d liu, tnh ton vn d liu v trnh s ph nhn trch nhim ca ngi gi. Tuy nhin, mt ch k vit tay c th b gi mo cn ch k in t gn nh khng th gi mo. Cch thc to ch k in t da trn vic m ha thng tin xc nhn bng kha ring ca ngi dng. Nu ngi nhn gii m chnh xc thng tin bng kha cng khai ca ngi gi th ni dung ca vn bn c chng thc. Cc vn bn cn c xc nhn thng c kch thc kh ln trong khi vic m ha bng cc thut ton m ha kha cng khai li c tc rt chm. tng tc k nhn v xc nhn ch k in t ng thi gim khi lng truyn ti, ch k in t c thc hin trn message digest ( thng ip rt gn ) ca vn bn. Ch k in t c ngha rt ln trong thng mi in t do kh nng xc nhn s ton vn v ngun gc ca thng tin c trao i qua mng. c bit ch k in t ng vai tr rt quan trng trong vic thanh ton trc tuyn v ta cc chng nhn in t giao dch. C nhiu thut ton sinh ch k in t khc nhau hin ang tn ti v s dng nh: RSA ( Rivest Shamir Adleman ), DSA ( Digital Signature Algorithm ), ECDSA ( Elliptic Curve Digital Signature Algorithm ). Trong thut ton RSA, DSA c tin cy cao v c s dng hu ht cc ng dng c s dng sinh ch k in t. Do thut ton RSA c ngi vit n la chn sinh ch k in t n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
19 trong chng trnh ng dng. V trong khun kh n ngi vit khng th trnh by y chi tit tt c cc thut ton sinh ch k s, m y ngi vit s trnh by nhng vn c bn ca phng php sinh ch k in t RSA. 1.4.3.3. M hnh ch k in t RSA Phng php RSA c th c p dng trong ch k in t. Kha ring c dng to ch k. Kha cng khai dng xc thc ch k. nng cao tc x l, thut ton MD5 c s dng ta thng ip rt gn ca vn bn cn k. Vic ta v xc nhn ch k c thc hin trn thng ip rt gn. Qu trnh to ch k bng RSA: Gi s A c kha cng khai l (n,e) v kha ring l d, gi vn bn cn k l M, A to ra message digest ca M bng hm H l H(M). A dng kha ring d m ha H(M) bng phng php RSA: Y = H(M) d mod n Y chnh l ch k in t ca vn bn M Qu trnh xc nhn ch k bng RSA: Gi M l bn sao ca M m B nhn c t A, v Y l ch k in t ca M, B to message digest ca M bng hm bm H l H(M) B dng kha cng khai ca A l (n,e) gii m ch k in t Y bng phng php RSA: H(M) = Y e mod n. Nu H(M) = H(M), ch k in t c xc nhn v ngi nhn c th m bo vn bn c gi l xc thc. Nu H(M)H(M), vn bn b sa i hoc vn bn khng c k bng ng ch k ngi gi. Thng tin ca vn bn c xem l khng hp l.
n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
20
Phn II: M HNH GII PHP THANH TON IN T 2.1. Tng quan giao thc iKP 2.1.1. Lch s hnh thnh h giao thc iKP Internet v ang tr thnh din trng tim nng v ha hn h tr cho thng mi in t. Trong nhiu nm qua, cc ng dng c bn ch yu trn Internet l e-mail (SMTP), telnet (remote login), news (NNTP), fpt (file transfer protocol), .v.v.v v gn y l WWW vi giao thc HTTP (hypertext transfer protocol). T nm 1993, mt s cc t chc quc t hoc cng ty nh WWW consortium, NSCA, Netscape Comm. Corp. a ra hng lot cc "chun" v bo mt nh SSL (secure socket layer), S-HTTP (secure hypertext transfer protocol), SET (secure electronic transactions),... lm c s tng cng cho cc ng dng thng mi in t trn Internet. Tuy nhin, cu hi t ra l: "Lm th no thanh ton?" hoc "Vic thanh ton th no l an ton?", vvv.Vn mi ny sinh lm cc chuyn gia trong lnh vc thng mi in t phi suy ngh tm hng gii quyt cho vn ny.
T nm 1994, c rt nhiu m hnh giao thc khc nhau c a ra gii quyt vn thanh ton in, mt trong nhng giao thc thanh ton c cc chuyn gia trong lnh vc thng mi in t quan tm l h giao thc iKP do Vin nghin cu IBM ( IBM Research) a ra. iKP l mt h cc giao thc thanh ton in t gi l Internet Keyed Protocol (iKP) gii quyt vic thanh ton giao dch a phng trn Internet (secure multi-Party transactions), da trn m hnh th in t. iKP gm 3 giao l 1KP, 2KP, 3KP ( do vy iKP c gi l mt h giao thc thanh ton in t ) c xy dng da trn nn tng ca mt m hin i ( mt m kha cng khai, thut ton m ha RSA ) thc hin kt hp phn mm v/hoc phn cng. iKP m phng cc ngi chi ch yu ca cc giao dch thng mi trn Internet l Customer ( i din cho khch hng), Merchant ( i din cho doanh nghip) v Acquier ( i din cho ngn hng). Mc tiu ca iKP l t c s cho cc thanh ton in t trong tng lai dng cng ngh credit-card truyn thng. Pht trin theo hng m, iKP c s ng h ca rt nhiu hng ti chnh th lc v hin trn qu trnh xy dng v hon chnh 2.1.2. Cc khi nim trong h giao thc iKP 2.1.2.1. Khi nim v Party
n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
21
Hnh 2-1. Cc Pary trong m hnh thanh ton
Mt thc t m ai cng nhn thy rng, mt qu trnh giao dch thanh ton bao gi cng c s tham gia ca cc bn, l bn mua , bn bn v bn thanh ton. Party l khi nim ch bn tham gia qu trnh giao dch in t nh khch hng(Customer), thng gia(Merchant), ngn hng thanh ton(Acquirer Bank),ngn hng pht hnh th(Issuer Bank), t chc th tn dng(Credit Card association ), t chc chng nhn kho cng khai(CA), k gian(Adversary). Sau y chng ta s tm hiu r hn v cc Party:
T chc th tn dng Master Card,Visa Card,..vv
Ngn hng pht hnh th ( Issuer ) L thnh vin chnh thc ca cc T chc th quc t c xc nh bi mt s nh danh gi l BIN ( Bank Identification Number).y l m s ch Ngn hng pht hnh th.Trong hip hi th c nhiu ngn hng thnh vin, mi ngn hng thnh vin c mt m s ring gip thun li trong thanh ton v truy xut. Ngn hng pht hnh th cung cp th cho Customer v l ngn hng pht hnh chu trch nhim tip nhn h s xin cp th, x l v pht hnh th, m v qun l ti khon th, ng thi thc hin vic thanh ton cui cng vi ch th.
Khch hng ( Customer ) L ch s hu th tn dng c cung cp th bi Ngn hng pht hnh th v chu s qun l ca Ngn hng pht hnh th ..y l i tng pht ra yu cu n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
22 thanh ton cho c s chp nhn th(Merchant) bng cch s dng mt my tnh kt ni mng.Mi ch th c mt m s b mt c gi l PIN (Personal Identification Number). l m s c nhn ca ch th thc hin giao dch rt tin ti cc my rt tin t ng. M s ny do Ngn hng pht hnh th cung cp cho ch th khi pht hnh. i vi m s PIN, ngi ch th phi gi b mt, ch mt mnh mnh bit. C s chp nhn th (Merchant) L cc thnh phn kinh doanh hng ho v dch v c k kt vi Ngn hng thanh ton v vic chp nhn thanh ton th nh: nh hng, khch sn, ca hng... Cc n v ny phi trang b my mc k thut tip nhn th thanh ton tin mua hng ho, dch v, tr n thay cho tin mt.
Ngn hng i l hay Ngn hng thanh ton(Acquier) L Ngn hng trc tip k hp ng vi c s tip nhn v thanh ton cc chng t giao dch do c s chp nhn th xut trnh. Mt Ngn hng c th va ng vai tr thanh ton th va ng vai tr pht hnh.
K gian(Adversary) y l khi nim tru tng, c hiu l k tham gia hoc tn cng vo h thng nhm mc ch kim li cho ring mnh.N c th tham gia nhiu vai din khc nhau: ng vai l mt Customer rm vi mc ch mua hng nhng khng tr tin, ng vai l mt c s chp nhn th mo danh vi mc ch ly tin ca Customer m khng mt sn phm. K nghe trm(listen eavesdropper): ngi nghe trm cc thng ip v cc b mt nh s PIN K ph hoi thay i thng tin(active attacker): K to ra nhng message gi mo ri gi cho Customer i th cnh tranh (Adversary): K c kh nng ly kha t mt Party xc thc K to hoc s dng Vius(Intruder) vi mc ch ph hoi. Ni gian ( insider ): Ngi ni b hay tay trong vi m mu ph hoi T chc chng nhn kha cng khai(Certification Authority) L t chc c kha b mt (SKC), v bn sao cng khai PKC chng nhn kha cng khai ca Party 2.1.2.2. Cc yu cu ca Party n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
23 Cc yu cu c bn ca mt h thanh ton in t trn Internet i hi bao gm cc yu cu ca cc i tc tham gia mua bn trn mng m bo quyn li cho mnh. C 3 bn (i tng tham gia giao dch ) lin quan n mua bn trn mng l Customer, Merchant v Acquirer. Sau y l mt s yu cu c bn:
Yu cu ca Acquirer m bo quyn li cho mnh, Issuer/Acquirer cn nhng yu cu sau: A1.Bng chng xc thc giao dch ca Customer ( Proof of transaction authorisation by Customer) Mc ch ca yu cu ny l ngn hng bit ch xc giao dch thc hin bi chnh Customer tht, khng phi k mo danh no ( nh trnh vic gian ln thc hin bi Merchant ). Khi Merchant yu cu Acquier ghi n vo ti khon tn dng no , Acquier nn s hu mt bng chng khng th gi chi ci c xc minh rng Customer cho php vic thanh ton ny hay ni cch khch y l chng c chng minh c rng Customer chp nhn tham gia giao dch thanh ton ny. Vi yu cu ny Customer phi chu trch nhim v giao dch thanh ton ca mnh ( chng s chi b). Ch rng cc thng tin trong giao dch ti thiu cn phi c: s tin thanh ton, thi im thanh ton v thng tin nhn dng Merchant. V phi m bo rng Adversary khng c bit cc thng tin ng thi khng c kh nng ra lnh cho mt phin giao dch.V nh rng Merchant cng c th l Adversary v Merchant sinh ra cc lnh gi mo. Chng ta phn bit rng trong nhng bng chng xc thc giao dch ca Customer c th l nhng chng c yu ( Weak Proof-nhng bng chng khng chc chn) hoc c th l nhng bng chng mang tnh r rng chc chn ( undeniable receipt). Chng c khng chc chn ( Weak Proof ): Customer c xc thc vi Acquier nhng li khng ph hp vi Party th ba. V d nh s tin thanh ton, n v tin t Chng c r rng chc chn ( undeniable receipt ): nh mt bin lai khng th ph nhn c-khng th chi b. V d nh s th . A2.Chng nhn v xc minh Merchant(Certification and authentication of Merchant) Bng chng xc thc vic tr tin ca ngi mua n ng vi ngi bn.y l yu cu cn thit, v Acquier phi chc chn rng mnh ang thanh ton vi mt Merchant tin tng ch khng phi vi k la o.
Yu cu ca Merchant M1.Bng chng xc thc giao dch ca Acquier(Proof of transaction authorisation by Acquirer) n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
24 Merchant cn bit ch xc tin vo ti khon mnh t Ngn hng no. Do Merchant cn nhng bng chng xc thc v Acquier. l cc thng tin chng nhn v xc minh tnh ng n v Acquier. Cc thng tin cn lu : s tin, thi im giao dch, thng tin xc nh phin giao dch .Chng ta cng cn phn bit r hai loi chng c nh ni trn ( mc 1.3.1-A1 ): Chng c khng chc chn(Weak Proof) Chng c r rng chc chn ( undeniable receipt ) M2.H tr nhng t giao dch nh(Support for batching of small payments) i vi giao dch thanh ton n l th Merchant cng cn h tr cc dch v nh l khng nht thit lc no cng phi yu cu Customer tham gia giao dch mt cch cu k phc tp. Merchant cn ch n hiu qu trong giao dch thanh ton l. M3.Chng chi b t Customer ( Non-repudiation from customer ) Mc ch ca yu cu ny l Merchant cn s xc thc giao dch ca Customer. Khi Customer ng tham gia giao dch thanh ton th khng th chi ci hoc ph nhn cc giao dch
Yu cu ca Customer C1.Chng gi mo Customer trong thanh ton(Unauthorised payment is impossible) y l yu cu quan trng nht ca Customer.Ch c Customer mi c ch quyn ca cc giao dch chuyn khon trn ti khon mnh.Bi v cc hacker hoc k la o c th sinh ra t giao dch gi, mo danh Customer tham gia giao dch mt cch hp php khi chng bit c m PIN v s th. Do yu cu ny bo m an ton v ti khon ca Customer C2.Bng chng xc thc giao dch ca Acquier ( Proof of transaction authorisation by Acquirer ) Customer yu cu c bng chng t Ngn hng v giao dch trn ti khon ca mnh. Chng ta cng cn phn bit hai loi chng c sau: Chng c khng chc chn (Weak Proof) Chng c r rng(undeniable receipt) C3.Bin lai thanh ton nhn t Merchant(Receipt from Merchant) Vi yu cu ny Customer mun nhng chng c v Merchant nhn c tin ca dch v hoc hng ho m mnh mua. C4.Bo v tnh ring t ca n hng(Privacy of order information or anonymity) Customer khng mun thng tin mua bn (mt hng, s lng, s tin) ca mnh l cho ngi ngoi bit. C5.Chng nhn v xc minh Merchant(Certification and authentication of Merchant) n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
25 C6.Tnh n danh ( Anonymity ) Khch hng khng mun cc thng tin v bn thn mnh b tit l cho ngi ngoi. l yu cu v bo v tnh ring t ca khch hng khi tham giao giao dch in t. C7.H tr vic cc khc mc sau giao dch ( Support for disputability of payments) Khi kt thc giao dch Customer cng cn c tranh ci bo v quyn li ca mnh khi c vn ny sinh. 2.2. Giao thc 1KP 2.2.1. Gii thiu Giao thc c bn nht ca h giao thc iKP l giao thc 1KP.Trong phn ny chng ta s tm hiu v c ch hot ng ca n.Theo giao thc 1KP th Customer v Merchant u c quyn s hu kha cng khai ( PK A ) v bn chng thc kha cng khai ca Acquirer ( CERT A ). Mi Customer C c s PIN b mt, y l thng tin b mt khng th tit l cho bt k ai, bi v nu mt k khc bit c m PIN h c th d dng truy cp vo ti khon ca khch hng thc hin cc giao dch.Khi Customer v Merchant thc hin trao i thng tin cho nhau, h s dng kha cng khai ca Acquirer m ha thng tin trc khi truyn i.Thut ton m ha c dng y l RSA - mt thut ton ca mt m hin i. chng nhn kha cng khai l ca Acquirer.Th Customer v Merchant cn phi c bn chng thc kha cng khi ca Acquirer ( CERT A ). tm hiu v c ch hot ng ca giao thc 1KP, ta cn bit mt s khi nim sau: 2.2.2. nh ngha cc thng ip tm hiu v c ch hot ng ca giao thc 1KP, ta cn bit mt s khi nim sau: OFFER: n hng cho hng m Merchant gi cho Customer.N gm cc trng thng tin: OFFER description : Cc m t v n hng OFFER. Amount : Tng tin thanh ton Currency: n v tin t Date: ngy giao dch ID of Merchant: m xc thc ca Merchant ORDER: n hng m Customer gi li cho Merchant xc minh li n cho hng ca Merchant , bao gm cc trng thng tin sau: ORDER description : Cc m t v ORDER. Amount: tng tin thanh ton Currency: n v tin t n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
26 Date: ngy giao dch ID of Merchant : m xc thc ca Merchant. delivery address: a ch phn pht hng. a ch phn pht hng ph thuc vo sn phm c giao, n c th l a ch thc nh s nh ng ph (a ch vt l), n c th l a ch logic nh email. Nhng sn phm c th phn pht theo a ch logic nh phn mm, ti liu vv. Cn nhng sn phm khng th phn pht theo a ch logic c nh hoa, tranh nh vv s s c gi theo a ch vt l. SLIP : L mt i tng m Customer to ra ma ha v gi cho Merchant , bao gm cc trng thng tin sau: Amount: tng tin thanh ton Currency: n v tin t Date: ngy giao dch ID of Merchant : m xc thc ca Merchant. Credit card number : s th tn dng ca Customer Expiration date : ngy ht hn ca th PIN : m s c nhn ca Customer H(ORDER): gi tr ca hm bm ni dung i tng ORDER. AUTH : L i tng m Acquirer cu thnh phn hi cho Merchant cc thng tin xc thc v mt phin gao dch : approved/rejected: thng tin phn hi chp nhn ( approved ) hoc t chi ( rejected ) giao dch. H(amount, currency, date, ID of Merchant) : gi tr hm bm cc thng tin ( amount, currency, date, ID of Merchant ). H(ORDER) : gi tr hm bm cc thng tin ca ORDER. 2.2.3. C ch giao thc Sau khi Customer t n thanh ton , Merchant s gi cho Customer mt mu thanh ton cha thng tin v n hng v v Merchant ( nh ngy thng giao dch, s lng hng, s tin thanh ton, ID ca Merchant, kha cng khai ca A v mt bn chng thc kha cng khai ny). C th Customer bit chnh xc cc thng tin v n hng v v Merchant m minh ang giao dch nhng chng tn hi g v s an ton hn nu Customer gi li thng tin cho Merchant khng nh rng mnh nhn c thng tin chnh xc t Merchant . Customer s kim tra li tnh hp l ca cc thng tin trong bn chng thc kha cng khai CERTA ca Acquirer m mnh s thc hin vic m ha SLIP bng kha cng khai ny. Sau C to thnh mt thng ip (i tng ) SLIP v m ha n bng kha cng khai ca A to thnh bn m y = EA(SLIP) ri truyn bn m cng vi thng ip ORDER cho Merchant Merchant nhn cc thng tin t Customer truyn ti , thc hin kim tra cc thng tin trong ORDER xem c thich hp vi li t hng OFFER khng. Sau n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
27 Merchant thc hin bm ORDER, thu c gi tr bm ca ORDER l h = H(ORDER) v gi h cng vi bn m y ti Acquirer. Acquirer nhn thng tin t Merchant l h v y. Acquirer s thc hin gii m bn m y bng kha ring ca mnh. Nu gii m b li n s thng bo giao dch khng hp l ( Customer khng dng ng kha cng khai ca Acquirer m ha SLIP ). Ngc li, khi gii m thnh cng Acquirer s ly thng tin t thng ip SLIP cu thnh thng ip ORDER thc hin bm : H(ORDER) v so snh vi gi tr h ca Merchant gi n. Nu c sai khc, th thng tin h hoc SLIP b thay i. Acquirer thc hin kim tra s PIN ca Customer , ID ca Merchant c cung cp bi Customer . Nu cc kim tra u tha mn , Acquirer s to ra mt thng ip xc thc AUTH vi thng tin phn hi l approved, v thng ip ny c Acquirer k ln bng ch k s SA .SA c to ra nh thut ton to ch k s ca h mt m hin i l RSA c s dng kha b mt ca mnh l SKA . Thng ip thu c l SA( AUTH, EA(SLIP)) v gi li cho Merchant. Merchant kim tra tnh hp l ca ch k bng kha cng khai ca Acquirer, nu tha mn v cc thng tin c Acquirer xc minh ng n Merchant s xem li ln na cc thng tin nhn c trc v anh ta cng gi li ch k s nhn c t Acquirer ti Customer. Customer nhn c thng tin phn hi t Merchant s kt thc giao dch nu mun hoc c th thc hin tip giao dch khc Giao thc 1KP l giao thc c bn v n gin nht trong h giao thc ca iKP. Trong giao thc 1KP ch c duy nht Acquirer l c quyn s hu kha cng khai v phn pht cp kha cng khai cho Customer, Merchant dng thc hin m ha cc xc thc ch k. Giao thc 2KP s c 2 Party c quyn s hu cp kha cng khai l Acquirer v Merchant . giao thc 3KP s c 3 Party c quyn s hu kha cng khai l Acquirer, Merchant v Customer.Giao thc 2KP v 3KP s c gii quyt chi tit phn tip sau y n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
28
Hnh 2-2. Giao thc 1KP 2.3. Giao thc 2KP 2.3.1. Gii thiu S khc nhau c bn ca 2KP so vi 1KP l: mi Merchant c mt kho cp kha cng khai/b mt, Merchant phn phi kho cng khai PKM v bn chng thc kha cng khai CERTM cho Customer r rng, ta gi s rng ch c duy nht mt Acquier chng thc tt c cc Merchant. Chng ta s m ho mt thng tin ca n t hng ( ORDER ). 2.3.2. nh ngha cc thng ip 2.3.3. C ch giao thc n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
29
Hnh 2-3. Giao thc 2KP
Nh giao thc 1KP, Customer cng nhn n cho hng OFFER cng vi bn chng thc kha cng khai ca Acquirer l CERT A , nhng giao thc 2KP Customer cn nhn t Merchant kha cng khai PK M , v bn chng thc kha cng khai CERT M ca Merchant.
Sau khi nhn c OFFER, PK M ,
CERT M , CERT A Customer thc hin to ra mt SLIP v m ha n bng kha cng khai ca Acquirer PK A thu c E A (SLIP), ORDER to thnh c m ha bng kha cng khai ca Merchant PK M thu c E M (ORDER). Customer gi E A (SLIP), E M (ORDER) ti Merchant . Cc thng tin gi ti Merchant trn ng truyn u c m ha. Merchant nhn thng tin do Customer gi ti l E A (SLIP), E M (ORDER), thc hin gii m ORDER bng kha b mt ca mnh SK M v thc hin kim tra tnh ng n cc thng tin trong ORDER. Giao dch c th b hy b bi Merchant nu: Gii m ORDER khng thnh cng: iu ny chng t Customer khng m ha ORDER bng kha cng khai ca Merchant gi ti, hoc thng tin trn ng truyn b thay i Cc thng tin nhn c t vic gii m ORDER khng hp l nh tha thun trc . n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
30 Cc thng tin trong ORDER sau khi kim tra tnh ng n s c Merchant thc hin bm mnh thu c h = H(ORDER). Merchant gi bn chng thc kha cng khai CERT M cng vi S M (E A (SLIP),h) l ch k s ca mnh ln E A (SLIP) v h ti Acquirer Acquirer nhn thng tin t Merchant l CERT M , S M (E A (SLIP),h) thc hin xc thc ch k ca Merchant bng kha cng khai ca Merchant ly trong bn chng thc kha cng khai CERT M . Nu ch k khng hp l Acquirer s phn hi li cho Merchant thng ip AUTH vi ni dung t chi giao dch ( rejected ).Ngc li Acquirer tip tc gii m E A ( SLIP ) v kim tra, xc thc cc thng tin trong SLIP ( amount, currecy, date, ID ca Merchant ). Thng tin xc thc AUTH, H(ORDER) v E A (SLIP) c Acquirer k ln v gi ti Merchant Merchant nhn ch k s ca Acquirer l S A (AUTH, E A (SLIP), H(ORDER)), xc thc ch k v k ln ch k , gi cho Customer Customer s xc thc ch k . V kt thc giao dch hoc tip tc giao dch mi.
Giao thc 2KP v c ch gn ging vi giao thc 1KP. S khc nhau c bn gia hai giao thc ny l s b sung quyn s hu kha cng khai ca Merchant do pht sinh thm mt s chc nng mi Party. giao thc 2KP thng tin truyn gia Customer v Merchant u c m ha, do v an ton v bo mt thng tin l hn giao thc 1KP. Giao thc 3KP c gii quyt vn tt hn hai giao thc trn ? Sau y chng ta s chi tit ha giao thc 3KP 2.4. Giao thc 3KP 2.4.1. Gii thiu 2 giao thc trn, Merchant v Acquirer khng bit chnh xc Customer tham gia giao dch l ai hay t chc no. Khi kt thc giao dch, bng chng v phin giao dch ca Customer rt kh truy lng li. Giao thc 3KP khc phc c nhc im , mi Customer tham gia giao thc 3KP u c s hu bn chng thc kha cng khai CERT C . y l bn chng thc chng minh tnh php nhn ca Customer khi tham gia giao dch, v Customer phi chu trch nhim trc php lut nu c s c xy ra. hiu r hn v giao thc 3KP chng ta s bit qua phn c ch ca giao thc: 2.4.2. nh ngha cc thng ip 2.4.3. C ch giao thc n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
31
Hnh 2-4. Giao thc 3KP
Customer nhn mt thng ip OFFER cng vi bn chng thc kha cng khai ca Merchant v Acquirer l CERT M , CERT A . Customer thc hin cc cng vic sau : Sinh ra thng ip ORDER v SLIP. Dng kha cng khai ca Acquirer ( PK A ) m ha thng ip SLIP va to thnh thu c bn m E A (SLIP) Customer dng kha cng khai ca Merchant ( PK M ) m ha thng ip ORDER thu c E M (ORDER). Customer dng kha b mt SK C ca mnh k ln hai bn m E A (SLIP) v E M (ORDER) thu c ch k s S C (E A (SLIP), E M (ORDER)) Cui cng Customer gi bn m ch k s S C (E A (SLIP),E M (ORDER))) cng vi CERT C ti Merchant xc thc Merchant sau khi nhn c bn chng thc kha cng khai CERT C , v ch k S C (E A (SLIP),E M (ORDER))) s thc hin cc tc v sau: Merchant thc hin gii m E M (ORDER).Giao dch s b hy b nu vic gii m khng thnh cng. Hy b giao dch bng cch Merchant s gi mt thng ip thng bo cho Customer bit giao dch khng khng hp l v b hy b. Nu gii m thnh cng, Merchant tip tc thc hin tc v tip theo. n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
32 i chiu, kim tra cc thng tin trong ORDER xem c hp l khng. Nu tn ti mt thng tin khng tha mn th giao dch thanh ton c th b hy b ti y. Ngc li, Merchant tip tc thc hin tc v tip Bm mnh ORDER thu c H(ORDER) Thc hin sinh ch k trn bn m E A (SLIP) v gi tr bm H(ORDER) thu c S M (E A (SLIP),H(ORDER)) Gi S M (E A (SLIP),H(ORDER)) cng vi bn chng thc kha cng khai CERT M ti Acquirer x l. Acquirer nhn c S M (E A (SLIP),H(ORDER)) cng vi bn chng thc kha cng khai CERT M s thc hin : Xc thc ch k ca Merchant gi n Gii m E A (SLIP) v kim tra tnh hp l thng tin trong SLIP Thc hin kim tra H(ORDER) Nu tn ti thng khng hp l Acquirer s gi thng ip AUTH vi ni dung t chi giao dch thanh ton, gi cho Merchant km cng vi ch k ca mnh l S A (AUHT, E A (SLIP), H(ORDER)) Merchant nhn thng tin phn hi t Acquirer s thc hin vic sinh ch k s ln ch k ca Acquirer thu c S M (S A (AUHT, E A (SLIP), H(ORDER))), gi li cho Customer Customer nhn thng tin li ch k S M (S A (AUHT, E A (SLIP), H(ORDER))) t Merchant v bt u xc thc thng tin bit kt qu giao dch. Customer c th kt thc giao dch hoc tip tc thc hin phin giao dch mi.
giao thc 3KP cc thng tin trn ng truyn u c m ha v cc thng tin u c k nhn xc minh ngun gc ca thng tin do Party no gi. R rng giao thc 3KP em li s minh bch v an ton hn 2 giao thc trn.
n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
33
Phn III: NG DNG 3.1. t vn xy dng mt h thng thanh ton in t hon chnh i hi rt nhiu k thut, thi gian, kin thc v kinh nghim. Vi khong thi gian hn hp, cng vi s non nt v kinh nghim khng cho php ngi vit n pht trin mt h thng thanh ton hon thin gm c 3 giao thc. Trong phn ng dng m ngi vit n trnh by di y nhm tp trung a ra cc yu cu, phn tch cc yu cu, thit k, lp trnh cho giao thc 2KP. H thng ng dng m ngi vit n xy dng nhm chng minh tnh kh thi ca h giao thc iKP. Mt vn khc ny sinh khi trin khai ng dng ca h thng thanh ton in t l Khi mt doanh nghip ng trin khai h thng thanh ton in t th iu m h mong mun rng h thng thng mi in t hin ti ca h khng phi thay i.V vi mi h thng thng mi in t cn trin khai h thng thanh ton th chng ta khng nn xy dng li h thng t u. iu ny gy nhiu tn km v thi gian, tin ca v nhn lc. Gii php ca ngi vit n l xy dng mt giao din ( Interface ) thanh ton in t, mi h thng thng mi in t khi trin khai h thng thanh ton qua mng th ch cn ci t mt giao din m h thng hin ti ca khch hng khng phi thay i nhiu. Giao din m chng ta xy dng cng nn tng qut ha, tc l chng ta nn xy dng mt giao din lp trnh cha cc hm tin dng(API).
3.2. Phn tch 3.2.1. Bi ton Xy dng ng dng da trn giao thc thanh ton 2KP tha mn cc yu cu ca giao thc ( xin xem mc 2.1.2 bit r v cc yu cu ca giao thc)
3.2.2. Ni dung Mc ch : Hn ch ti a vic chnh sa hoc thay i hon ton h thng Website thng mi in t hin ti ca cc doanh nghip. m bo mc ch chng trnh c xy dng l mt giao din thanh ton. Khi mt doanh nghip mun trin khai h thng thanh ton in t trn h thng Website thng mi hin ti h s gi giao din thanh ton( hay mt dch v ) x l m khng phi thay i chnh sa nhiu h thng c n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
34 Tnh bo mt d liu: Cc thng tin truyn qua mng Internet u c m ha bng thut ton m ha kha cng khai RSA m bo s bo mt thng tin trn ng truyn Internet., c bit quan trng l cc thng tin v ti khon ca khch hng nh : s th( Credit Card Number), m PIN(Personal Identification Number), ngy ht hn (Expiration Date). Tnh ton vn d liu : S dng thut ton bm d liu nh MD5 bm mnh d liu, cng vi ch k s nhm m bo s ton vn d liu v xc thc ngun gc thng tin. Ni dung : Chng trnh c xy dng da trn giao thc thanh ton 2KP gm 3 giao din l iKPCusGate, iKPMerGate, iKPAcGate v h thng Website hin ti ca Merchant l ePayment iKPCusGate: l mt giao din thc ca Customer thc hin vic m ha d liu trc khi gi n cho Merchant. Cc chc nng ca iKPCusGate : - M ha thng tin n hng ORDER bng kha cng khai nhn c t bn chng thc kha cng khai CERT M
thu c bn m E M (ORDER). - M ha SLIP bng kha cng khai ca Acquirer PK A thu c bn m E A (SLIP) - Gi thng tin m ha cho Merchant . - Xc thc ch k ca Merchant v Acquirer bng kha cng khai tng ng l PK M , PK A . Cc ch k ny c nhn t Merchant sau khi Acquirer xc thc xong v gi li cho Merchant iKPMerGate: l cng giao tip ca Merchant vi Acquier c t ti host ca Merchant, chu s qun l gim st ca Merchant. iKPMerGate thc hin cc nhim v sau: - Nhn cc thng ip cha cc thng tin v ti khon c m ha bng kha cng khai ca Acquier (E A (SLIP)) v thng ip cha cc thng tin v n hng c m ha bng kha cng khai ca Merchant ( E M (ORDER)) t Customer gi n x l. - iKPMerGate s gi m E M (ORDER), ly thng tin trong ORDER , thc hin bm cc thng tin trong ORDER thu c thng ip rt gn H(ORDER) v thc hin sinh ch k in t ln H(ORDER) v E A (SLIP) . - iKPMerGate thc hin gi H(ORDER) v E A (SLIP) cng vi ch k ca Merchant ti Acquier gii m v xc thc v Merchant v Customer.
iKPAcGate: l cng giao tip ca Acquier vi h thng mng ti chnh c t ti host ca Acquier do n chu s qun l v gim st ca Acquier.iKPAcGate thc hin cc chc nng sau: + Nhn cc thng tin t Merchant (iKPMerGate gi n) + Thc hin vic gii m v xc thc ch k + Lin kt vi h thng mng ti chnh thc hin vic thanh ton + Gi li thng tin xc thc cho Merchant. 3.2.2. Yu cu n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
35 Mc tiu : Xy dng mt giao din thanh ton cho Merchant v Acquier thc hin giao dch mt cc an ton v c tin cy cao.V c bit l tnh c lp vi h thng Website hin ti ca doanh nghip. Yu cu chi tit : H thng thanh ton bao gm cc chc nng chnh sau: iKPCusGate: L cc dch v (Service) pha Merchant thc hin cc chc nng sau : o M ha ORDER bng kha cng khai ca Merchant PK M thu c E M (ORDER) o M ha SLIP bng kha cng khai ca Acquier PK A thu c E M (SLIP) o Gi E M (ORDER) v E M (SLIP) ti Merchant
iKPMerGate : L cc dch v pha Merchant thc hin cc chc nng sau : o Nhn E A (SLIP) v E M (ORDER) t Customer o Gii m E M (ORDER) ly cc thng tin v ORDER, i chiu, so snh tnh hp l ca ORDER.Nu ORDER khng hp l Merchant gi mt thng ip hy b giao dch.ORDER khng hp l nu : ORDER khng m ha bng kha cng khai ca Merchant cung cp dn n vic gii m khng thnh cng hoc b sai. Cc thng tin trong ORDER khng ng vi cc thng tin c tho thun trc khi thc hin thanh ton o Thc hin bm ORDER v k ln E A (SLIP) v H(ORDER) o Gi E A (SLIP) , H(ORDER) v S M (E A (SLIP),H(ORDER)) ti Acquier iKPAcGate: L cc dch v pha Acquier thc hin cc chc nng sau:
o Nhn E A (SLIP) , H(ORDER) v S M (E A (SLIP),H(ORDER)) t Merchant gi n o Thc hin vic gii m kim tra tnh ng n ca ch k s o Cc thng tin c kim tra tnh hp l s c Acquier kt ni vi h thng mng ti chnh thc hin giao dch thanh ton o Gi mt ch k xc thc S A (AUTH,H(ORDER),E A (SLIP)) ti Merchant ePayment: L h thng Website ca doanh nghip, khi c yu cu thanh ton h thng ny s gi dch v Webservice thc hin giao dch n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
36 3.2.2. Phn tch yu cu u im ca thanh ton in t Nhc im ca thanh ton in t 3.3. Thit k 3.3.1. Thit k chc nng (Usecase) Actor : Actor : biu din ngi hoc h thng khc tng tc vi h thng ang c m hnh ha. Cc actor ca h thng:
Hnh 3-1. Cc Actor ca h thng
Gii thch : Customer : l khch hng, bn pht ra yu cu thanh ton gi ti Merchant Merchant : l mt doanh nghip thc hin cc giao dch in t, l bn nhn yu cu thanh ton ca Customer Acquier : l ngn hng chp nhn thanh ton th, l bn xc thc tnh php l ca Merchant v tnh hp l ca ch th
Biu UseCase : Biu Usecase : m t mt chui cc hnh ng m h thng s thc hin t c kt qu c ngha i vi mt tc nhn. a. Phn chc nng tng th ca h thng Sau y l Usecase tng th n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
37
Hnh 3-2 Biu Usecase tng qut. a.1. Authorize payment : l chc nng xc thc thanh ton gia Customer v Merchant a.2. Inquire payment : l chc nng truy hi v giao dch thanh ton gia Customer v Merchant. Chc nng ny c th c thc hin trong khi hoc sau khi chc nng Authorize payment xy ra. a.3. Clear payment : l chc nng thc hin mt giao dch thc s vi ti khon hp l ca Customer c Acquier xc thc. Chc nng ny c giao tip gia Merchant v Acquier.
b. Phn chc nng Customer b.1. InitiateComposition : Sa son mt thng ip khi to giao dch thanh ton bng cc cng vic sau: 1.To m giao phin giao dch ca Customer (ID_C) : Th tc thc hin nh sau: - To s ngu nhin R_C - Tnh ID_C = H(R_C, CAN). 3.Gi thng ip INITATE c cu trc nh sau:
c. Phn chc nng Merchant c.1. InvoiceProccess : Khi nhn c thng ip INITATE t Customer, Merchant thc hin cc bc sau: 1.Kim tra trng thng tin v tr v m li nu giao dch khng hp l. 2.To ngy giao dch trong trng DATE 3.To ra NONCES l s ngu nhin n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
38 4.Tnh H(DESC,SALT_C) 5.Sinh mt cp s ngu nhin [V,VC] v tnh gi tr hm bm tng ng [H(V),H(VC)] 6.M ha COMMON(c cu trc nh nh ngha trn) v tnh H(COMMON) 7.To ch k SIG_M nu c SIG_M c thit lp 8.Gi thng ip INVOICE d. Phn chc nng Acquirer
Thit k lp : Lp l tp hp cc i tng c chung cc thuc tnh v phng thc. Mi i tng l th hin ca mt lp. d dng cho vic phn tch v thit k ngi ta chia lp thnh 3 loi: Lp thc th (Entity class) Lp thc th dng m hnh ha cc thng tin lu tr lu di trong h thng. N thng c lp vi cc i tng khc xung quanh, c ngha l n khng quan tm ti vic cc i tng xung quanh tng tc vi h thng nh th no. Do n thng c kh nng s dng li. K hiu trong UML:
Cc lp thc th trong h thng :
- AccountInfo : Lu thng tin v ti khon ca Customer AccountInfo _creditCardNo : String _pIN : String _amonut : String _currency : String _expirationDate : Date
Hnh 3-3. Cu trc lp AccuontInfo
- ProductInfo : Lu thng tin v cc mt hng bn ca Merchant ProductInfo _productID : String _name : String _description : String _price : Double _path : String
Hnh 3-4. Cu trc lp ProductInfo n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
39
- ShoppingCardInfo : Lu thng tin v cc sn phm trong gi hng m Customer t hng.
Hnh 3-5. Cu trc lp ShoppingCardInfo
- OrderInfo : Lu thng tin v n hng m khch hng t hng OrdertInfo _transactionIDCus : String _transactionIDMer : String _orderDesc : String _amount : String _currency : String _dateTransactionCus : Date _merchantID : String _deliveryAddress : String OrderEncrypt(String Key) : OrderEncryptInfo
Hnh 3-6. Cu trc lp OrderInfo
- OrderEncryptInfo: Lu cc thng v n hng c m ha OrdertEncryptInfo _transactionIDCus : String _transactionIDMer : String _orderDesc : String _amount : String _currency : String _dateTransactionCus : Date _merchantID : String _deliveryAddress : String <<override>> ToString() : String()
Hnh 3-7. Cu trc lp OrderEncryptInfo
- SlipInfo : Lu thng tin v ti khon ca Customer n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
- SlipEncryptInfo : Lu thng tin v ti khon ca Customer m ha SlipEncryptInfo _transactionIDCus : String _transactionIDMer : String _amount : String _currency : String _dateTransactionCus : Date _merchantID : String _creditCardNo : String _expirationDate : Date _pIN : String _hOrder : String <<override>> ToString() : String
Hnh 3-9. Cu trc lp SlipEncryptInfo
Lp iu khin (Control class) Th hin trnh t ng x ca h thng trong mt hay nhiu Use case. Lp ny dng iu phi cc hot ng cn thc hin hin thc ha chc nng ca mt Use case. Mt UseCase c th c nhiu lp iu khin, mt lp iu khin c th dng cho nhiu Usecase.
K hiu trong UML:
iu khin vic thao tc d liu cho mi lp thc th s c mt lp iu khin tng ng thc hin chc nng: thm mi, cp nht, xa v truy vn d liu n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
41
Cc lp iu khin trong h thng : - ProductController : Lp thc hn thao tc vi bng c s d liu tblPRODUCT - OrderController : Lp thc hn thao tc vi bng c s d liu tblORDER - OrderEncryptController : Lp thc hn thao tc vi bng c s d liu tblORDER_ENCRYPT - SlipController : Lp thc hn thao tc vi bng c s d liu tblSLIP - SlipEncryptController : Lp thc hn thao tc vi bng c s d liu tblSLIP_ENCRYPT - AccountController : Lp thc hn thao tc vi bng c s d liu tblACCOUNT - ShoppingCardController : Lp thc hn thao tc vi bng c s d liu tblSHOPPING_CARD
Lp bin (Boundary class) Dng nm gi s tng tc gia phn bn ngoi vi phn bn trong ca h thng. Chng cung cp giao din cho mt ngi dng hay mt h thng khc tng tc vi h thng. Mi mt tng tc gia cp Actor/ Use case i hi t nht l mt lp bin.
K hiu trong UML:
Cc lp bin trong h thng : - OrderView : Lp giao din thc hin giao dch t hng - ShoppingCardView : Lp giao din thc hin hin th gi hng. - PaymentView : Lp giao din thc hin vic thanh ton. - AuthrizationView : Lp giao din thc hin vic xc thc thng tin. n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
42 - AuthResponseView : Lp giao din thc hin hi th thng tin xc thc phn hi t Merchant. - DemoView : Lp giao din hin th cc bc thc hin trong giao thc.
Hnh 3-21. Biu tun t usecase thc hin xc thc vi Acquirer n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
46 3.3.3. Thit k c s d liu C s d liu pha Cusstomer Bng tblORDER. Mc ch : Lu cc thng tin v n hng Thit k : STT Tn trng Kiu d liu Null? Ghi ch 1 transactionIDCus nvarchar M phin giao dch ca Cusstomer 2 transactionIDMer nvarchar M phin giao dch ca Merchant 3 orderDesc ntext x M t v n hng 4 amount nvarchar x S tin thanh ton 5 currency nvarchar x n v tin t 6 dateTransactioCus datetime x Ngy Cusstomer giao dch 7 merchantID nvarchar x M ca doanh nghip 8 deliveryAddress ntext x a ch giao hng
Bng 3-1. Bng tblORDER
Bng tblORDER_ENCRYPT. Mc ch: Lu thng tin m ha ca ORDER Thit k: STT Tn trng Kiu d liu Null? Ghi ch 1 transactionIDCus nvarchar M phin giao dch ca Cusstomer 2 transactionIDMer nvarchar M phin giao dch ca Merchant 3 orderDesc ntext x M t v n hng m ha 4 amount nvarchar x S tin thanh ton m ha 5 currency nvarchar x n v tin t m ha 6 dateTransactioCus datetime x Ngy Cusstomer giao dch m ha 7 merchantID nvarchar x M ca doanh nghip m ha 8 deliveryAddress ntext x a ch giao hng m ha n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
47
Bng 3-2. Bng tblORDER_ENCRYPT
Bng tblSLIP Mc ch: Lu thng tin cn xc thc cho phin giao dch Thit k: STT Tn trng Kiu d liu Null? Ghi ch 1 transactionIDCus nvarchar M phin giao dch ca Cusstomer 2 transactionIDMer nvarchar M phin giao dch ca Merchant 3 amount nvarchar x S tin thanh ton 5 currency nvarchar x n v tin t 6 dateTransactioCus datetime x Ngy Cusstomer giao dch 7 merchantID nvarchar x M ca doanh nghip 8 creditCardNo nvarchar S th tn dng 9 PIN nvarchar M s c nhn ca ti khon 10 expridationDate datetime x Ngy ht hn ca th
Bng 3-3. Bng tblSLIP
Bng tblSLIP_ENCRYPT Mc ch: Lu thng tin cn xc thc cho phin giao dch c m ha Thit k: STT Tn trng Kiu d liu Null? Ghi ch 1 transactionIDCus nvarchar M phin giao dch ca Cusstomer c m ha 2 transactionIDMer nvarchar M phin giao dch ca Merchant c m ha 3 amount nvarchar x S tin thanh ton m ha c m ha 5 currency nvarchar x n v tin t m ha c m ha 6 dateTransactioCus datetime x Ngy Cusstomer giao dch m ha c m ha n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
48 7 merchantID nvarchar x M ca doanh nghip m ha 8 creditCardNo nvarchar S th tn dng c m ha 9 PIN nvarchar M s c nhn ca ti khon c m ha 10 expridationDate datetime x Ngy ht hn ca th c m ha
Bng 3-4. Bng tblSLIP_ENCRYPT
Thit k: C s d liu pha Merchant Bng tblPRODUCT Mc ch: Lu tr cc thng tin v sn phm ca doanh nghip Thit k: STT Tn trng Kiu d liu Null? Ghi ch 1 productID nvarchar Id ca sn phm. 2 name nvarchar x Tn sn phm. 3 description ntext x M t sn phm. 4 price float x Gi sn phm. 5 path ntext x ng dn ca file nh sn phm
Bng 3-5. Bng tblPRODUCT
Bng tblSHOPPING_CARD. Mc ch: Lu tr thng tin v gi hng ca Cusstomer Thit k: STT Tn trng Kiu d liu Null? Ghi ch 1 productID nvarchar Id ca sn phm. 2 name nvarchar x Tn sn phm. 3 quantity int x S lng sn phm 4 price float x Gi ca mt sn phm 5 payment nvarchar x Tng tin thanh ton ca gi hng n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
49
Bng 3-6. Bng tblSHOPPING_CARD
Bng tblORDER. Mc ch : Lu cc thng tin v n hng Thit k : STT Tn trng Kiu d liu Null? Ghi ch 1 transactionIDCus nvarchar M phin giao dch ca Cusstomer 2 transactionIDMer nvarchar M phin giao dch ca Merchant 3 orderDesc ntext x M t v n hng 4 amount nvarchar x S tin thanh ton 5 currency nvarchar x n v tin t 6 dateTransactioCus datetime x Ngy Cusstomer giao dch 7 merchantID nvarchar x M ca doanh nghip 8 deliveryAddress ntext x a ch giao hng
Bng 3-7. Bng tblORDER
Bng tblORDER_ENCRYPT. Mc ch: Lu thng tin m ha ca ORDER Thit k: STT Tn trng Kiu d liu Null? Ghi ch 1 transactionIDCus nvarchar M phin giao dch ca Cusstomer 2 transactionIDMer nvarchar M phin giao dch ca Merchant 3 orderDesc ntext x M t v n hng m ha 4 amount nvarchar x S tin thanh ton m ha 5 currency nvarchar x n v tin t m ha 6 dateTransactioCus datetime x Ngy Cusstomer giao dch m ha 7 merchantID nvarchar x M ca doanh nghip m ha n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
50 8 deliveryAddress ntext x a ch giao hng m ha
Bng 3-8. Bng tblORDER_ENCRYPT
C s d liu pha Acquier Bng tblACCOUNT. Mc ch: Lu thng tin v ti khon ca Customer. Thit k: STT Tn trng Kiu d liu Null? Ghi ch 1 creditCardNo nvarchar S th tn dng 2 PIN nvarchar M s c nhn ca ti khon 3 amount nvarchar x S tin trong ti khon 4 currency nvarchar x n v tin t 5 expridationDate datetime x Ngy ht hn ca th
Bng 3-9. Bng tblACCOUNT 3.4. Lp trnh 3.4.1. Tng quan v cng ngh WebServices Nh chng ta bit, khi lp trnh trn mi trng Windows, khng ai khng bit s tin dng ca DLL (Dynamic Link Library). S tin dng ln nht phi k ra l kh nng chia s v ti s dng ca cc hm c vit trong DLL. Bt k mt ng dng no cng c th s dng c cc hm ca mt DLL nt bit c cc khai bo ca hm , mc d khng bit trong hm vit nh th no. l trn mi trng ng dng trn m hnh application ca Windows, cn trn mi trng phn tn, Web Service v ang c s dng nhiu hn. Vy Web Service l g? C th a ra y khi nim v Web Service do IBM n hnh: Web services l mt dng ng dng Web mi. Cc ng dng ny c cc tnh cht nh: c lp, t din t, c m un ha Chng c th c nh v v c triu gi thng qua mi trng Web. Web services c th thc hin cc chc nng t n gin ti cc x l nghip v phc tp Mi khi mt Web service c triu gi, cc ng dng khc ( hoc cc Web services khc) c th thy c v triu gi web service c trin khai . [3]. C th nhn thy ngay rng Web Service c cc vai tr gn ging vi vai tr ca DLL trong mi trng Windows. Tuy nhin, Web Service c nhiu u im m DLL khng th c c, c bit l tnh cht phn tn ca n. Kin trc ca ca Web Service gm cc thnh phn chnh nh sau: Cc Agents v cc Services, Requester v n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
51 Provider, Service Description. Cc Web Service c m t bng mt ngn ng ring da trn XML, c gi l WSDL (Web Service Definition Language) v c ng k giao tip trn mng nh vo UDDI (Universal Description, Discovery and Integration).
Hnh 3-22. Kin trc ca WebService
Giao thc cc Web Service dng trao i thng tin l SOAP (Simple Object Access Protocol). Nu mun c thm cc thng tin chi tit hn v cc vn trn, ngi c c th tham kho cc trang Web [1], [2], [3] mc ti liu tham kho. Trong khun kh ca n tt nghip ngi lm n khng th a ra y chi tit v cng ngh, y ngi lm n xin a ra mt trong cc p dng c th ca n. Vn ngi lm n xin cp ti y l p dng cng ngh trn vo bi ton xy dng h thng thanh ton in t da trn h giao thc thanh ton iKP.
3.4.2. Ci t cc Services n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
52 3.4.3. M hnh ng dng ca h thng 3.4.4. Giao din chnh ca h thng ng dng 1. t hng :
Hnh 3-23. Giao din ca chc nng t hng
2. Gi hng:
n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
53
Hnh 3-24. Giao din ca gi hng.
3. Thanh ton:
Hnh 3-25. Giao din ca chc nng thanh ton
4. M ha thng tin: n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
54
Hnh 2-26. Giao din ca chc nng m ha thng tin
5. Xc thc thng tin:
Hnh 3-27. Giao din ca chc nng xc thc thng tin
n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
55
Phn IV: KT LUN 4.1. nh gi kt qu t c n tt nghip l thnh qu ca s lao ng mit mi, mang m tnh du n c nhn ca thi sinh. N gip cho sinh vin c kh nng lm vic c lp, pht huy cc tng, s sng to ca mi cc nhn v mt chuyn nghnh, mt chuyn no . C th ni n tt nghip ny l sn phm u tay ca em c ngha ht sc quan trng i vi vic nh hng tip ti trong tng lai khi m em ri gh nh trng bc sang mt mi trng lm vic mi. Nhng kt qu m em gt hi c l nhng kin thc, kinh nghim, v phong cch lm vic v cng qu gi.Nhng kin thc m em thu c trong ti ny l : Kin thc chung v lnh vc thng mi in t ni chung v thanh ton in t ni ring. Kin thc ny gip em c ci nhn tng quan hn v thng mi in t Vit Nam, thy c nhng li ch cng nh cc vn bt cp cn tn ti trong lnh vc cn kh mi m nc ta, qua gip em c nh hng ng n hn v thng mi in t nc nh, xc nh c trch nhim ca mnh trong s pht trin chung ca t nc ni chung v s pht trin ca nn Cng ngh thng tin ni ring ca Vit Nam n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
56 Kin thc b ch v nghnh mt m hin i, l tin ng dng cho cc h thng chy trn mi trng mng i hi s an ton v bo mt thng tin cao. L thuyt v h giao thc thanh ton in t iKP v ng dng ca giao thc ny trong vic xy dng h thng thanh ton in t. Kin thc v cng ngh WebService ni chung v WebService ca .NET ni ring. Nhng kinh nghim ca v cch gii quyt vn , kinh nghim trong lp trnh cng ht sc qu gi. Qua , pht huy kh nng lm vic c lp, lm vic theo k hoch s l nhng tnh tt khi em lm vic sau ny. Sn phm m em xy dng chng minh c tnh kh thi ca giao thc. Trn thc t giao thc iKP ra i t kh lu ( nm 1994 ) v c p dng thc t cc nc c nn cng ngh thng tin pht trin. 4.2. Nhng vn thiu st v cch khc phc Chng trnh m em xy dng ch da trn l thuyt giao thc 2KP. Trong thi gian ti nu iu kin cho php em s hon thin sn phm hn. H thng mi hon thin s thc hin c c 3 giao thc 1KP, 2KP, 3KP. Do s dng cc th vin sn c ca .NET mt cc thun ty gy ra s chm chp v tc x l. C th trong tng lai, em s hon thin b th vin m ha ring ph hp vi h thng nhm ci thin tc x l. Thiu chc nng v s trao i kha cng khai v chng thc in t trn bn CERT Giao din ngi dng cng cn ci tin thun tin hn trong qu trnh thc hin giao dch. 4.3. Hng pht trin tng lai Ci thin tc x l ca cc thut ton m ha Tng bo mt thng tin trn ng truyn Xy dng thm cc chc nng cn thiu st Khc phc cc thiu st ca chng trnh
n tt nghip i hc Mt h thng thanh ton in t da trn h giao thc iKP
57
Ti liu tham kho
1. Web Service - http://otn.oracle.com/tech/webservices/htdocs/series/index.html 2. WSDL - http://www.w3schools.com/wsdl/default.asp 3. Web Services for J2EE, Version 1.0 IBM 4. Design, Implementation and Deployment of the iKP Secure Electronic Payment System - Mihir Bellare, Juan A. Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Els Van Herreweghen, Michael Waidner,/2000
5. iKP - A Family of Secure Electronic Payment Protocols - Mihir Bellarey Juan A. Garayy, Ralf Hauserz Amir Herzbergy, Hugo Krawczyky, Michael Steinerz, Gene Tsudikz, Michael Waidnerz , 1996